PT-2024-4310 · IBM · IBM Db2 +1

Published: 2024-06-12 · Updated: 2024-08-07 · CVE-2024-28762

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) versions 10.5, 11.1, and 11.5

Description: IBM Db2 and IBM Db2 Connect Server are vulnerable to denial of service. Because the affected versions allocate resources without limits, a remote attacker can, under certain conditions, exhaust those resources with specially crafted queries and cause a denial of service.

Recommendations: For versions 10.5, 11.1, and 11.5, consider restricting access to the database system to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the execution of specially crafted queries until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS
Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers
BDU:2024-04798
CVE-2024-28762

Affected Products
IBM Db2 Connect Server
IBM Db2